From 3fafc39a27e3989eeabaec610942bd9f81d2a6b0 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Wed, 2 Jan 2008 22:54:44 +0100 Subject: fid: avoid buffer overrun. * libidu/idread.c (deserialize_file_links): Fix typo (or think-o). Here's what valgrind reported: Invalid write of size 4 at 0x804A15A: deserialize_file_links (idread.c:132) by 0x8049DEE: maybe_read_id_file (idread.c:74) by 0x8049C64: read_id_file (idread.c:46) by 0x80492FB: main (fid.c:170) Address 0x41EB944 is 628 bytes inside a block of size 629 alloc'd at 0x4022765: malloc (vg_replace_malloc.c:149) by 0x80516BC: xnmalloc_inline (xmalloc.c:49) by 0x80516EE: xmalloc (xmalloc.c:65) by 0x8049E2F: deserialize_file_links (idread.c:87) by 0x8049DEE: maybe_read_id_file (idread.c:74) by 0x8049C64: read_id_file (idread.c:46) by 0x80492FB: main (fid.c:170) Signed-off-by: Jim Meyering --- libidu/idread.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libidu/idread.c b/libidu/idread.c index 939d1a2..c25410f 100644 --- a/libidu/idread.c +++ b/libidu/idread.c @@ -1,5 +1,5 @@ /* idread.c -- functions to read ID database files - Copyright (C) 1995, 1996, 1999, 2007 Free Software Foundation, Inc. + Copyright (C) 1995, 1996, 1999, 2007-2008 Free Software Foundation, Inc. Written by Greg McGary This program is free software; you can redistribute it and/or modify @@ -83,7 +83,7 @@ deserialize_file_links (struct idhead *idhp) { struct file_link **flinks_0 = xmalloc (sizeof(struct file_link *) * idhp->idh_file_links); struct file_link **flinks = flinks_0; - struct file_link **members_0 = xmalloc (sizeof(struct file_link *) * idhp->idh_files + 1); + struct file_link **members_0 = xmalloc (sizeof(struct file_link *) * idhp->idh_file_links + 1); struct file_link **members = members_0; struct file_link *flink; struct file_link **slot; -- cgit v1.2.3